August 22nd, 2011, 12:00 PM
Yahoo DNS Abuse
Am I the only one having a problem with Yahoo DNS servers bombarding our server with type 99 (SPF) requests. The maximum number of requests received one day last week was 55,987, but it looks like today may set a new record.
August 22nd, 2011, 12:22 PM
Could be people spoofing sending mail from your domain and yahoo's servers just doing the proper procedure for spf enforcing. You can try setting the TTL for the TXT/SPF statement higher. It may cut back on the queries (unless they do a lookup per email coming in). Probably better to have SPF queries coming in than spammers getting your domain blacklisted.
Or it could be someone just using their servers will ill intent. Are the servers querying you open to recursion?
August 22nd, 2011, 08:04 PM
Servers used are:
Originally Posted by CaptPikel
I assume these are internal servers, as they do not respond to port 53. Part of the problem is that Yahoo does not check for TXT records, and our DNS does not support type 99 requests. It just rotates through the round robin servers asking the same question several times. I have blocked most of the servers, but it hasn't slowed the onslaught. Yahoo just ignores all my abuse complaints.
August 25th, 2011, 10:33 AM
New record established yesterday.
Still no response from Yahoo, even though I have a problem number.
August 25th, 2011, 11:04 AM
Yeah that seems pretty sketchy. I guess there isn't much you can do except wait or block IP's. I only have a very small test domain I can check queries on and I don't get that. So not sure on this one.
September 9th, 2011, 02:41 PM
Yahoo DNS Abuse continues
Yesterday, our DNS server received 88,715 requests (97% of all requests) from Yahoo, and I have had absolutely zero non-automated response from Yahoo. The volume is so high that it is starting to flood the NAT table in our router.
Yahoo appears to be using SPF to delay incoming mail delivery. Our Pseudo SMTP server (which rejects all incoming messages with a 550 error), recorded 88 attempts from various Yahoo mail servers to send a message to very obviously random generated email addresses in our domain. The DNS queries seem highly disproportionate to the rejection messages sent
Does anyone know if Yahoo uses a Domain Name Block List such as the Spamhaus DBL? I am getting desperate.
November 9th, 2011, 10:49 AM
Yayoo DNS abuse suddenly stopped
I have no idea why, but for the last 7 days the bombardment has ceased. Not only that, but there have been zero requests for type 99 or TXT records from anywhere.
Anyone have any idea what is going on? Has Yahoo abandoned their SPF attempts?